From: Vladimir Davydov <vdavy...@parallels.com>
It is possible to disable oom killer inside a memory cgroup by writing 1
to memory.oom_control. If a process inside such a cgroup hits the memory
limit and is unable to reclaim anything, it will wait until more memory
becomes available.
This operation shouldn't be allowed inside container, because (a)
disabling oom in a cgroup disables it in all its ascendants and (b) it
is impossible to stop a container if there is a process waiting for
memory instead of invoking oom killer (freezer will never be able to
freeze it).
Signed-off-by: Vladimir Davydov <vdavy...@parallels.com>
Reviewed-by: Kirill Tkhai <ktk...@odin.com>
(cherry picked from vz8 commit 98e3cf14f11d2896d1f22ff2952a90cea2f458bc)
Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
mm/memcontrol.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index ae6de65..aa75ae2 100644
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -52,6 +52,7 @@
#include <linux/sort.h>
#include <linux/fs.h>
#include <linux/seq_file.h>
+#include <linux/ve_proto.h>
#include <linux/vmpressure.h>
#include <linux/mm_inline.h>
#include <linux/swap_cgroup.h>
@@ -4509,6 +4510,9 @@ static int mem_cgroup_oom_control_write(struct
cgroup_subsys_state *css,
if (mem_cgroup_is_root(memcg) || !((val == 0) || (val == 1)))
return -EINVAL;
+ if (!ve_is_super(get_exec_env()) && val != 0)
+ return -EACCES;
+
memcg->oom_kill_disable = val;
if (!val)
memcg_oom_recover(memcg);
--
1.8.3.1
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
